Every so often we receive a post on here that asks how to get started in learning cryptography. Everybody's opinion on this differs, but below are my thoughts and recommendations for someone who is interested in learning about the topic.

The first thing someone who is interested should ask themselves is whether they are interested in the theory of cryptography or in the actual implementation side. Respected cryptographer Bruce Schneier covered this distinction in a previous issue of his Crypto-Gram newsletter here. In his article he gives advice about how to enter the field for four different categories of people: the high-school student, the undergraduate, the postgraduate and the employed person. Two choice excerpts from his article are his description of what a cryptographer does and the difference between a cryptographer and someone who implements cryptography (what he calls a security engineer).

Bruce Schneier wrote:

First, what is a cryptographer? For our purposes, a cryptographer is someone who is active in the field of cryptography: someone who engages in research, writes papers, breaks algorithms and protocols, and sometimes writes his own algorithms and protocols.

Bruce Schneier wrote:

Of course, most people who implement cryptography in software and hardware products are not cryptographers. They are implementers of cryptography, security engineers. I find that most people who say they want to be cryptographers actually want to be security engineers. They want to be a person who builds secure systems that use cryptography. This essay is not really for them, although much of the advice is the same. Security engineering requires a strong understanding of cryptography, but it does not require creating new cryptography.

Following this I normally suggest they read two other essays by Schneier. The first is Why Cryptography Is Harder Than It Looks. This essay deals with the threats that computer systems and cryptography face and how some of these threats can be minimised.

Bruce Schneier wrote:

From e-mail to cellular communications, from secure Web access to digital cash, cryptography is an essential part of today's information systems. Cryptography helps provide accountability, fairness, accuracy, and confidentiality. It can prevent fraud in electronic commerce and assure the validity of financial transactions. It can prove your identity or protect your anonymity. It can keep vandals from altering your Web page and prevent industrial competitors from reading your confidential documents. And in the future, as commerce and communications continue to move to computer networks, cryptography will become more and more vital.

But the cryptography now on the market doesn't provide the level of security it advertises. Most systems are not designed and implemented in concert with cryptographers, but by engineers who thought of cryptography as just another component. It's not. You can't make systems secure by tacking on cryptography as an afterthought. You have to know what you are doing every step of the way, from conception through installation.

It raises an important point that many people fail to realise. You cannot just add cryptography to an insecure product to make it secure. It doesn't work like that. Security must be built in from the early design stages to create a secure system.

But reality isn't that simple. Longer keys don't always mean more security. Compare the cryptographic algorithm to the lock on your front door. Most door locks have four metal pins, each of which can be in one of ten positions. A key sets the pins in a particular configuration. If the key aligns them all correctly, then the lock opens. So there are only 10,000 possible keys, and a burglar willing to try all 10,000 is guaranteed to break into your house. But an improved lock with ten pins, making 10 billion possible keys, probably won't make your house more secure. Burglars don't try every possible key (a brute-force attack); most aren't even clever enough to pick the lock (a cryptographic attack against the algorithm). They smash windows, kick in doors, disguise themselves as policemen, or rob keyholders at gunpoint. One ring of art thieves in California defeated home security systems by taking a chainsaw to the house walls. Better locks don't help against these attacks.

Strong cryptography is very powerful when it is done right, but it is not a panacea. Focusing on the cryptographic algorithms while ignoring other aspects of security is like defending your house not by building a fence around it, but by putting an immense stake into the ground and hoping that the adversary runs right into it. Smart attackers will just go around the algorithms.

This essay covers the important point that in the majority of systems the cryptographic algorithm is not the weakest link in the chain. Bad implementations and design errors are common in security products, and they make it possible to avoid attacking the cryptography directly. This is why arguments about whether to use a 128-bit or 256-bit encryption key are usually pointless: the security can be bypassed by other means. An attacker will always go after the weakest part of the system, and that is rarely the cryptographic algorithm.

Should they still decide to pursue the topic of cryptography I then refer them to a collection of posts that I have previously made to the forum.

To get them "up to speed" with the background of cryptography I usually refer them to my opinions on a number of books. This was written back in 2004, but as a starting point I still feel it is a good overview of books on a number of cryptographic topics. Be sure to read Justin's response in the next post in the thread for some more excellent information. Quoting myself:

mxb wrote:

History of cryptography:

Simon Singh - The Code Book - A good history book covering the history of encryption from ancient times up to approximately the discovery of public-key cryptography. His series of TV programmes on Channel 4 and this well-written book were among the things that attracted me to this topic in the beginning.
Crypto - Steven Levy - Another good history book covering modern cryptography, showing how the US Government was trying to keep the lid on it from way back in the DES era.

Once a good background is established it is time to get current with developments in the cryptographic world. The best way to do this is through monitoring and reading the published research papers. Luckily, a large number of papers are freely available in either PostScript or PDF form. Some recommended websites for finding and accessing these papers are:

Some additional advice about gaining access to recent developments and papers from Justin:

JustinT wrote:

Citeseer is also a great repository for papers on cryptography. DBLP is an excellent bibliographical database for author-searching. You've listed the best ones. MIT's CIS group has a partial list of their publications, as well as the Swiss Federal Institute of Technology's Information Security and Cryptography Research Group. There are various other lists at other universities - many of which can be found by Googling for "cryptography group," both inside and without quotation marks. Several universities also have "information security" in their group name as well, so this may be helpful in finding lesser known lists of publications.

However, just reading will not make you well versed in the intricacies of cryptography. You also need hands-on experience with the practical aspects of cryptography. Learning cryptanalysis is one of the most common and recommended ways of actually working within the topic as a beginner. You will learn how to break encryption algorithms by identifying their flaws. This gives invaluable insight into both algorithm design and previous flaws. By learning these techniques you will be able to avoid the same mistakes in ciphers of your own design.

I would recommend starting with simple pencil-and-paper ciphers. These are ciphers which don't require the use of a computer, yet still teach the elementary cryptanalysis techniques such as frequency analysis. Once these have been mastered I would then recommend working through Schneier's Self-Study Course in Block Cipher Cryptanalysis. This course is a list of cipher challenges in order of increasing difficulty, starting with weakened versions of older ciphers and eventually working up to current-generation algorithms. I wrote a paper (original forum post, pdf / postscript version) detailing my experiences while breaking the first challenge, both to inform others of how I approached the problem and to direct interest towards the course.

Hopefully this information will help some people to get started in the interesting world of cryptography. There is always work to be done, either in analysis of existing algorithms and protocols or in innovative research into new ideas. One final word: during your learning process you will eventually have the urge to create new "unbreakable" ciphers. By all means do so, but don't expect them to be secure. A large part of the fun is creating ciphers which you cannot break and then later having them broken, either by yourself (with your increased knowledge) or by someone else. Don't be afraid of this, as you will learn a great deal from the experience and thus be able to create newer, more secure algorithms or even break other people's systems.